container-security-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the agent to add external repositories (e.g., falcosecurity.github.io) and reference external tools that are not included in the provided trusted source list.
- REMOTE_CODE_EXECUTION (HIGH): Directs the agent to download and execute images and charts from non-whitelisted sources (e.g., docker/docker-bench-security, falcosecurity/falco) which can execute arbitrary code on the host or in the cluster.
- COMMAND_EXECUTION (HIGH): Provides commands that grant excessive permissions, such as host network access (--net host), PID namespace access (--pid host), and mounting the Docker socket (/var/run/docker.sock), which allows for a total compromise of the host machine.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from container images and Kubernetes manifests while possessing powerful execution capabilities. \n
- Ingestion points: Output from scanning tools like trivy, kube-bench, and kubectl. \n
- Boundary markers: Absent; no delimiters or warnings to ignore embedded instructions are provided. \n
- Capability inventory: Full container and orchestration control via docker and kubectl. \n
- Sanitization: Absent; no validation or escaping of external content before processing.
Recommendations
- AI detected serious security threats
Audit Metadata